Saturday, June 25, 2022

COVID-19 Community Levels


I know that most people have grown weary of the pandemic (as have I), but it’s been a while since I wrote about COVID-19. The Centers for Disease Control and Prevention (CDC) created a framework for making public health decisions based on COVID-19 hospitalization and inpatient beds occupied by patients with COVID-19.

The COVID-19 Community Levels framework is described here. It describes the community level framework (pictured above) and includes a COVID-19 County Check where users can enter their state and county to determine if their community level is Low, Medium, or High. For each community level, it describes recommended individual and household-level prevention behaviors including vaccination, masking, testing, quarantine, and other preventive methods. Also for each level, it describes community-level prevention strategies including improving indoor ventilation, providing access to testing and screening, supporting healthcare during surges, and other methods.

A CDC scientific brief is provided here. It summarizes the scientific evidence that was used to inform the CDC recommendations. Finally, a technical presentation is available in .pptx and .pdf format. Key points include:

  • Vaccination is the leading public health prevention strategy to prevent severe disease and deaths from COVID-19
  • People who are up to date on vaccines have much lower risk of severe illness and death from COVID-19 compared with unvaccinated people
  • When making decisions about individual preventive behaviors and community prevention strategies in addition to vaccination, people and health officials should consider the COVID-19 community level
  • Health departments should consider health equity, and make use of other surveillance information (wastewater, ED surveillance, etc.), if available, to inform local decisions
  • Layered prevention strategies — like staying up to date on vaccines and wearing masks — can help prevent severe disease and reduce strain on the healthcare system

To illustrate how the COVID-19 Community Level is applied to an actual county, see the Los Angeles County department of Public Health press release which categorizes the county at a Medium community level as of June 24, 2022 and describes what would happen in the event that the county crosses the threshold into High community level.

Public health recommendations seem confusing to many people because they change. As difficult as it may seem to follow the changing recommendations, it is necessary to continue to modify guidance as the pandemic evolves. I hope that by shedding light on the CDC COVID-19 Community Levels framework, it will be easier to understand the rationale for our evolving public health guidance.

Hospital Websites and Meta Pixel

Meta (the company formerly known as Facebook) is in the hot seat again, this time in conjunction with many hospitals and health systems across the country. A tracker called the Meta Pixel was discovered on many hospital websites, bringing into question once again how much you can trust third parties with your sensitive information. According to an article by The Markup, 33 of Newsweek’s top 100 hospitals in the country were sending sensitive data to Facebook via Meta Pixel as of June 15, 2022. The Meta Pixel tracker was found on multiple areas of hospital websites including appointment scheduling pages and password-protected patient portals. The information included medications, allergies, search terms for how doctors were found (e.g., “pregnancy termination”), and other data. Details of how The Markup obtained this information are provided here.

It is common knowledge to many individuals, particularly those who have watched The Social Dilemma, that Meta tracks personal information for its users. So why is the discovery of Meta Pixel such a big deal? In healthcare, a law called the Health Insurance Portability and Accountability Act (HIPAA) prohibits “covered entities” like hospitals from sharing “protected health information” (PHI) with third parties like Meta.

A covered entity is an individual, organization, or agency that transmits personally identifiable information. It includes health care providers, health plans, and health care clearinghouses. The hospitals that were found to have Meta Pixel installed on their websites are covered entities.

PHI (a.k.a. “Individually identifiable health information” or “personally identifiable health information” or other variations) is defined as information, including demographic data, that relates to:

  • the individual’s past, present or future physical or mental health or condition,
  • the provision of health care to the individual, or
  • the past, present, or future payment for the provision of health care to the individual,

and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.

In other words, HIPAA law is written in a way that individuals and organizations who have access to patient information are expected to keep it private and only use it when necessary to deliver patient care, handle payment, or perform other permitted administrative functions. According to The Markup:

“I am deeply troubled by what [the hospitals] are doing with the capture of their data and the sharing of it,” said David Holtzman, a health privacy consultant who previously served as a senior privacy adviser in the U.S. Department of Health and Human Services’ Office for Civil Rights, which enforces HIPAA. “I cannot say [sharing this data] is for certain a HIPAA violation. It is quite likely a HIPAA violation.”

Meta Pixel has been the subject of several class action lawsuits in several states. Results have been mixed, and you read more about them in the “Legal Implications” section of the article by The Markup. Meanwhile, as patients and as users of technology, we have to ask ourselves if we trust social media and if we trust our hospitals to safeguard our health information.